Self-study Lecture: Authentication/Access Control
Authentication
Authentication is part of the core of security. An entity claims something, such as a property or an identity, and authentication is about verifying or rejecting any such claim. We will discuss three aspects of authentication: user-to-machine (and user-to-user), machine-to-user, and machine-to-machine. For user authentication we will start with the traditional something you know, something you have and something you are, and then look beyond.
Videos
You'll watch the videos through FeedbackFruits. This way you can ask questions and start discussions during the videos. You’ll post anonymously (which is kind of ironic considering the topic is authentication). [Sonja adds: you should be able to log into FeedbackFruits using your KTH credentials, by Sign by clicking on "inloggningsaltervativ" and then type in kth.se when asked for the organization's domain, then you can just log in with your regular ug.kth.se account. selecting Microsoft Teams as the login option. Then you don't have to create an extra account. Soon there should be an integration between FBF and Canvas at KTH, but probably not in time for this course.]
The slides are available here.
Links to the videos:
- Intro to authentication: FeedbackFruits
- Bootstrapping authentication: FeedbackFruits
- User-to-machine authentication: FeedbackFruits
- “Something you know”: FeedbackFruits
- “Something you have”: FeedbackFruits
- Machine-to-user authentication: FeedbackFruits
Reading
- Chapter 2 in Anderson (2008) (FeedbackFruits) (note 2nd edition).
- Chapter 15 in Anderson (2008) (FeedbackFruits) (biometrics).
- Electronic Identities Need Private Credentials
Additional reading
- AnonPass: Practical anonymous subscriptions
- Distance-bounding, privacy-preserving attribute-based credentials
- The scammer who wanted to save his country (FeedbackFruits)
- How Apple and Amazon Security Flaws Led to My Epic Hacking (FeedbackFruits)
- Chapter 4 in Gollmann (2011).
References
Anderson, Ross J. 2008. Security Engineering: A Guide to Building Dependable Distributed Systems. 2nd ed. Indianapolis, IN: Wiley. http://www.cl.cam.ac.uk/~rja14/book.html.
Gollmann, Dieter. 2011. Computer Security. 3rd ed. Chichester, West Sussex, U.K.: Wiley.
Access control
Once you have authenticated users you can support access control — and this is also one of the main reasons to authenticate them in the first place. Access control aims at controlling who may access what and how they may access it. There are different models and ways to implement access control. Here we will give an overview of the possibilities.
Videos
The slides are available here. The links to the videos:
- Intro to access control: FeedbackFruits
- Access control models: FeedbackFruits
- Multi-level security: FeedbackFruits
- Multi-lateral security: FeedbackFruits
Reading
- Chapter 4 (FeedbackFruits) in Anderson (2008).
- Chapters 8 (FeedbackFruits) and 9 (FeedbackFruits) in Anderson (2008).
Additional reading
- Chapter 5 in Gollmann (2011).
- Chapters 11 and 12 in Gollmann (2011).
References
Anderson, Ross J. 2008. Security Engineering: A Guide to Building Dependable Distributed Systems. 2nd ed. Indianapolis, IN: Wiley. http://www.cl.cam.ac.uk/~rja14/book.html.
Gollmann, Dieter. 2011. Computer Security. 3rd ed. Chichester, West Sussex, U.K.: Wiley.